John Fiore wrote:
is there any documentation about using pkg_add over ssh available yet?
Can this feature be used with some of the official mirrors?
Just out of curiosity, why would you want to do this? pkg_add verifies the
packages after downloading them. Is this some kind of firewalling issue?
AFAIK, in contrast to building packages from source, pkg_add(1) doesn't
do any checks for integrity/authenticity (this would require procedures
for signing packets and a corresponding PKI).
By relying on the ssh host keys from the official OpenBSD mirror
website, the use of pkg_add over ssh would make sure that packages can't
be modified on the way from the mirror to the upgrading machine. This
isn't perfect, but it would certainly be an improvement (similar to
anoncvs via ssh). Moreover, the short description of this feature in the
4.0 release notes suggests that upgrades via ssh will be tunneled
through a single connection, which would be more efficient than the
current ftp variant.
